Skip to main content
SpringerLink
Log in

Modelling Fine-Grained Access Control Policies in Grids

  • Published:
Journal of Grid Computing Aims and scope Submit manuscript

Abstract

This paper presents an abstract specification of an enforcement mechanism of usage control for Grids, and verifies formally that such mechanism enforces UCON policies. Our technique is based on KAOS, a goal-oriented requirements engineering methodology with a formal LTL-based language and semantics. KAOS is used in a bottom-up form. We abstract the specification of the enforcement mechanism from current implementations of usage control for Grids. The result of this process is agent and operation models that describe the main components and operations of the enforcement mechanism. KAOS is used in top-down form by applying goal-refinement in order to refine UCON policies. The result of this process is a goal-refinement tree, which shows how a goal (policy) can be decomposed into sub-goals. Verification that a policy can be enforced is then equivalent to prove that a goal can be implemented by the enforcement mechanism represented by the agent and operation models.

This is a preview of subscription content, log in via an institution to check access.

Access this article

Log in via an institution

Price excludes VAT (USA)
Tax calculation will be finalised during checkout.

Instant access to the full article PDF.

Institutional subscriptions

Similar content being viewed by others

References

  1. Foster, I., Kesselman, C., Tuecke, S.: The anatomy of the grid: enabling scalable virtual organizations. International Journal of Supercomputer Applications 15(3) (2001)

  2. Venugopal, S., Buyya, R., Ramamohanarao, K.: A taxonomy of data grids for distributed data sharing, management, and processing. ACM Comput. Surv. 38(1), 3 (2006)

    Article  Google Scholar 

  3. Park, J., Sandhu, R.: The UCON A B C usage control model. ACM Trans. Inf. Syst. Secur. 7(1), 128 (2004)

    Article  Google Scholar 

  4. Pretschner, A., Hilty, M., Basin, D.: Distributed usage control. Commun. ACM 49(9), 39 (2006)

    Article  Google Scholar 

  5. Martinelli, F., Mori, P.: A model for usage control in GRID systems. In: Grid-STP2007, International Conference on Security, Trust and Privacy in Grid Systems. IEEE Computer Society (2007)

  6. Zhang, X., Nakae, M., Covington, M.J., Sandhu, R.: Toward a usage-based security framework for collaborative computing systems. ACM Trans. Inf. Syst. Secur. 11(1), 3:1 (2008)

    Article  Google Scholar 

  7. van Lamsweerde, A.: Requirements Engineering in the Year 00: A Research Perspective. In: International Conference on Software Engineering, pp. 5–19 (2000)

  8. Zhang, X., Parisi-Presicce, F., Sandhu, R., Park, J.: Formal model and policy specification of usage control. ACM Trans. Inf. Syst. Secur. 8(4), 351 (2005)

    Article  Google Scholar 

  9. Sandhu, R., Park, J.: Usage control: A vision for next generation access control. In: MMM-ACNS, pp. 17–31 (2003)

  10. Martinelli, F., Mori, P.: On usage control for GRID systems. Futur. Gener. Comput. Syst. 26 (7), 1032 (2010)

    Article  Google Scholar 

  11. Naqvi, S., Massonet, P., Aziz, B., Arenas, A., Martinelli, F., Mori, P., Blasi, L., Cortese, G.: Fine-grained continuous usage control of service based grids - The GridTrust approach. In: Proceedings of the 1st European Conference on Towards a Service-Based Internet, Springer-Verlag, ServiceWave’08, pp. 242–253 (2008)

  12. OASIS: Oasis Extensible Access Control Markup Language (XACML), http://www.oasis-open.org/committees/xacml (2005)

  13. e Ghazia, U., Masood, R., Shibli, M.A., Bilal, M.: Usage control model specification in XACML policy language. In: Proceedings of the 11th IFIP TC 8 International Conference on Computer Information Systems and Industrial Management, Springer-Verlag, CISIM’12, pp. 68–79 (2012)

  14. Colombo, M., Lazouski, A., Martinelli, F., Mori, P.: A proposal on enhancing XACML with continuous usage control features. In: Desprez, F., Getov, V., Priol, T., Yahyapour, R. (eds.) Grids, P2P and Services Computing, pp. 133–146. Springer (2010)

  15. Bertolino, A., Daoudagh, S., Lonetti, F., Marchetti, E., Martinelli, F., Mori, P.: Testing of PolPA-based usage control systems. Softw. Qual. Control 22(2), 241 (2014)

    Article  Google Scholar 

  16. Foster, I., Kesselman, C., Tuecke, S.: The anatomy of the grid: Enabling scalable virtual organizations. Int. J. High Perform. Comput. Appl. 15(3), 200 (2001)

    Article  Google Scholar 

  17. Chadwick, D.: Functional Components of Grid Service Provider Authorisation Service Middleware. Technical Report, Open Grid Forum (2008)

  18. van Lamsweerde, A.: Requirements engineering - from system goals to UML models to software specifications. Wiley (2009)

  19. Vardi, M. Y.: Branching vs. linear time: Final showdown. In: Margaria, T., Yi, W. (eds.) Proceedings of the 7th International Conference On Tools and Algorithms for the Construction and Analysis of Systems (TACAS 2001), Lecture Notes in Computer Science, vol. 2031, pp. 1–22. Springer (2001)

  20. Objectover: A Power Tool to Engineer Your Business and Technical Requirements. http://www.objectiver.com/fileadmin/download/documents/leaflet.pdf (2015)

  21. Moffett, J., Sloman, M.: Policy Hierarchies for Distributed Systems Management. IEEE J. Selected Areas in Communications 11(9), 14 04 (1993)

    Article  Google Scholar 

  22. Bandara, A.K., Lupu, E.C., Moffett, J., Russo, A.: A goal-based approach to policy refinement. In: 5th IEEE Workshop on Policies for Distributed Systems and Networks. IEEE Computer Society (2004)

  23. Ponsard, C., Massonet, P., Molderez, J. F., Rifaut, A., van Lamsweerde, A., Hung, T.V.: Early verification and validation of mission critical systems. J. Form. Methods Syst. Des. 30(3) (2007)

  24. Letier, E., van Lamsweerde, A.: Deriving operational software specifications from system goals. In: FSE’10: 10th ACM SIGSOFT Symposium on the Foundations of Software Engineering (2002)

  25. Lorch, M., Kafura, D.: The PRIMA grid authorization system. J. Grid Comput. 2(3), 279 (2004)

    Article  MATH  Google Scholar 

  26. Dumitrescu, C.L., Raicu, I., Foster, I.: The design, usage, and performance of GRUBER: A grid usage service level agreement based brokERing infrastructure. J. Grid Comput. 5(1), 99 (2007)

    Article  Google Scholar 

  27. Lang, B., Foster, I., Siebenlist, F., Ananthakrishnan, R., Freeman, T.: A flexible attribute based access control method for grid computing. J. Grid Comput. 7(2), 169 (2009)

    Article  Google Scholar 

  28. Muppavarapu, V., Chung, S.: Role-based access control in a data grid using the storage resource broker and shibboleth. J. Grid Comput. 7(2), 265 (2009)

    Article  Google Scholar 

  29. Rubio-Loyola, J., Serrat, J., Charalambides, M., Flegkas, P., Pavlou, G., Lafuente, A.: Using linear temporal model checking for goal-oriented policy refinement frameworks. In: 6th IEEE International Workshop on Policies for Distributed Systems and Networks, pp. 181–190 (2005)

  30. Su, L., Chadwick, D., Basden, A., Cunningham, J.: Automated decomposition of access control policies. In: 6th IEEE International Workshop on Policies for Distributed Systems and Networks, pp. 3–13. IEEE Computer Society (2005)

  31. Janicke, H., Cau, A., Siewe, F., Zedan, H.: Deriving Enforcement Mechanisms from Policies. IEEE Computer Society (2007)

Download references

Author information

Authors and Affiliations

  1. School of Computing, University of Portsmouth, Portsmouth, PO1 3HE, UK

    Benjamin Aziz

Authors
  1. Benjamin Aziz
    View author publications

    You can also search for this author in PubMed Google Scholar

Corresponding author

Correspondence to Benjamin Aziz.

Rights and permissions

Reprints and permissions

About this article

Check for updates. Verify currency and authenticity via CrossMark

Cite this article

Aziz, B. Modelling Fine-Grained Access Control Policies in Grids. J Grid Computing 14, 477–493 (2016). https://doi.org/10.1007/s10723-015-9351-x

Download citation

  • Received:

  • Accepted:

  • Published:

  • Issue Date:

  • DOI: https://doi.org/10.1007/s10723-015-9351-x

Keywords

Search

Navigation